Detection rules examples
More about Detection rules
If you are using the Elastic Stack, you believe in the power of open source and understand the importance of community. The two core goals of Elastic Security are to stop large-scale threats and to arm every analyst.
The Elastic Stack ships with hundreds to thousands of detection rules written by Elastic's experts and mapped to MITRE ATT&CK® techniques. There is always room for improvement, however. On this page you will find a collection of detection rules written by the community, influenced mainly by the Sigma project.
The goal of this detection rule repository is to provide Elastic Security users with the best detections that work across a variety of data sources. It uses ECS (the Elastic Common Schema) as the great equalizer for patterns: because every source is normalized to the same field names, a single rule can apply to several data sources at once.
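As an added illustration (not a rule taken from this repository), here is what a rule in Elastic's TOML rule format looks like when it relies only on ECS field names. The query refers to `event.category`, `process.name` and `process.parent.name` rather than source-specific fields, so the same rule covers Windows event logs shipped by Winlogbeat and process events from Elastic Endpoint. The index patterns, the rule_id placeholder, dates and the exact parent/child process pairing are assumptions chosen for the example.

```toml
# Added example, not part of the repository. Detects a common phishing
# follow-on: an Office application starting a shell or script host.
[metadata]
creation_date = "2023/01/01"   # assumed date
maturity = "development"
updated_date = "2023/01/01"    # assumed date

[rule]
author = ["Community"]
description = """
An Office application (Word, Excel, PowerPoint or Outlook) spawned a command
shell or script interpreter. Legitimate documents rarely need to do this, so
the event is a strong indicator of a malicious attachment being opened.
"""
# ECS-normalized sources: both index patterns expose the same field names,
# which is what lets one query serve two data sources.
index = ["winlogbeat-*", "logs-endpoint.events.*"]
language = "kuery"
license = "Apache-2.0"
name = "Shell or Script Host Spawned by Office Application"
risk_score = 73
rule_id = "00000000-0000-0000-0000-000000000000"   # placeholder, replace with a real UUID
severity = "high"
tags = ["Windows", "Threat Detection", "Execution"]
type = "query"

# Only ECS fields are used: event.category/event.type classify the event,
# process.parent.name and process.name identify the parent/child pair.
query = '''
event.category:process and event.type:start and
process.parent.name:(winword.exe or excel.exe or powerpnt.exe or outlook.exe) and
process.name:(cmd.exe or powershell.exe or wscript.exe or cscript.exe)
'''

# Benign automation can trip this rule; add a known-good exception list
# before enabling it in production.
false_positives = ["Internal macros or add-ins that intentionally launch scripts."]

[[rule.threat]]
framework = "MITRE ATT&CK"

[rule.threat.tactic]
id = "TA0002"
name = "Execution"
reference = "https://attack.mitre.org/tactics/TA0002/"

[[rule.threat.technique]]
id = "T1204"
name = "User Execution"
reference = "https://attack.mitre.org/techniques/T1204/"
```

Because the query never names a Winlogbeat- or Endpoint-specific field, adding a third ECS-compliant source (for example another EDR integration) only requires extending the `index` list.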